By Martin Lipka, Head of Connectivity Architecture, Pulsant
On June 13th 2018, news broke that the UK-based retail giant Dixons Carphone had suffered from a data breach of epic proportions. Approximately 5.9 million payment cards were involved, along with 1.2 million personal data records.
Perhaps the most surprising part of this story, however, is that the hacking attempt is not even recent – it first began in July last year.
While the finer details of the attack have not been disclosed, this is just another instance of a large organisation seemingly not taking cyber security seriously enough. All too often, businesses fail to notice they’ve been hacked until it’s far too late. In fact, a blog from security specialist Armor explains that, while it takes a cyber criminal four to six days on average to carry out an attack, it usually takes more than 146 days on average for a company to discover a breach.
In a world where data is now the most valuable resource for businesses, this is simply not good enough. Shortly after the attack, Alex Baldock, CEO of Dixons Carphone said that “the protection of our data has to be at the heart of our business, and we’ve fallen short here.” However, considering this is a company that specialises in selling technology to its customers, this shouldn’t have ever happened in the first place.
From a GDPR perspective, however, it seems that Dixons Carphone has been lucky. Because it appears the company reported the breach before the GDPR enforcement date of May 25th, they have been able to avoid the hefty fines that many businesses will now face moving forwards. However, as more businesses move their IT infrastructure to the cloud, we will undoubtedly see the number of cyber attacks continue to increase, and under GDPR businesses will have to be much, much quicker in reporting any data breaches.
So what can other businesses do to protect themselves from data breaches of this kind?
The most important thing we can do is learn from these mistakes. All businesses need to be much more proactive in regularly monitoring their entire IT infrastructure and identifying any potential data breaches. Not only is this important in terms of GDPR compliance, but it can also prevent the reputational and financial damage that Dixons Carphone have experienced in the days since the initial news story broke.
Thankfully, our partnership with Armor means we can provide the security and agility that’s required nowadays. Through our Pulsant Protect solution, our customers can benefit from immediate notification and incident response delivered by employing a combination of people and machine intelligence. It’s an innovative response to the challenging threats landscape.
Additionally, our Continuous Compliance solution is designed to monitor all relevant cyber security areas and simplify the management and maturity of all compliance standards. Essentially, Continuous Compliance massively improves the efficiency of day-to-day operations while guaranteeing your business maintains compliance across the huge number of regulations and guidelines that businesses must consider nowadays.
Cyber security is no longer something that’s only talked about in dystopian sci-fi movies – it’s a real threat affecting all businesses, and as the Dixons Carphone story goes to show, the consequences can be devastating. Instead of taking reactive actions, we need to remain constantly aware of the cyber threats that surround us and take smart, responsible and proactive measures if we are to avoid being featured in tomorrow’s headlines.
To learn more about how cyber criminals operate and how businesses can stay protected, download our “Cyber Security: State of Play” eBook here.